@p0security/cli 0.3.1 → 0.4.2

@@ -64,6 +64,19 @@ describe("ssh", () => {
64
64
  id: "abcefg",
65
65
  isPreexisting: false,
66
66
  isPersistent,
67
+ event: {
68
+ permission: {
69
+ type: "session",
70
+ spec: {
71
+ resource: {
72
+ arn: "arn:aws:ec2:us-west-2:391052057035:instance/i-0b1b7b7b7b7b7b7b7",
73
+ },
74
+ },
75
+ },
76
+ generated: {
77
+ documentName: "documentName",
78
+ },
79
+ },
67
80
  });
68
81
  });
69
82
  it("should call p0 request with reason arg", () => __awaiter(void 0, void 0, void 0, function* () {
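Review bot: The fixture added here puts the ARN at `event.permission.spec.resource.arn`, but the `ssm` change in this same release reads `request.permission.spec.awsResourcePermission.resource.arn`, so the mock does not have the shape the production path dereferences. If `ssm` is mocked in this suite (not visible here), the test passes without ever exercising the new lookup; I would nest the value as `spec: { awsResourcePermission: { resource: { arn: "..." } } }` so the fixture matches the updated `AwsSsh` type. The ARN also carries a twelve-digit account number that may be a real one, and it ships in the published package; the AWS documentation placeholder `123456789012` would avoid disclosing it. The enclosing `describe` block starts and ends outside the hunk.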
@@ -4,9 +4,9 @@ import yargs from "yargs";
4
4
  export declare const requestCommand: (yargs: yargs.Argv<{}>) => yargs.Argv<{
5
5
  arguments: string[];
6
6
  }>;
7
- export declare const request: (args: yargs.ArgumentsCamelCase<{
7
+ export declare const request: <T>(args: yargs.ArgumentsCamelCase<{
8
8
  arguments: string[];
9
9
  wait?: boolean;
10
10
  }>, authn?: Authn, options?: {
11
11
  message?: "all" | "approval-required" | "none";
12
- }) => Promise<RequestResponse | undefined>;
12
+ }) => Promise<RequestResponse<T> | undefined>;
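Review bot: The new type parameter `T` on `request` appears only in the return type, so it is a caller-chosen assertion about the server's `event` payload rather than something the compiler or the runtime verifies. The `RequestResponse<T>` declaration further down also makes `event: T` a required field, so a response that omits or reshapes `event` is still typed as valid. I would default the parameter with `<T = unknown>` so callers must narrow `event` with a runtime check before reading it. At minimum, add a doc comment on `request` stating that `event` is unvalidated server data.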
@@ -135,6 +135,7 @@ const ssh = (args) => __awaiter(void 0, void 0, void 0, function* () {
135
135
  yield validateSshInstall(authn);
136
136
  const response = yield (0, request_2.request)(Object.assign(Object.assign({}, (0, lodash_1.pick)(args, "$0", "_")), { arguments: [
137
137
  "ssh",
138
+ "session",
138
139
  args.destination,
139
140
  "--provider",
140
141
  "aws",
@@ -145,10 +146,22 @@ const ssh = (args) => __awaiter(void 0, void 0, void 0, function* () {
145
146
  (0, stdio_1.print2)("Did not receive access ID from server");
146
147
  return;
147
148
  }
148
- const { id, isPreexisting } = response;
149
+ const { id, isPreexisting, event } = response;
149
150
  if (!isPreexisting)
150
151
  (0, stdio_1.print2)("Waiting for access to be provisioned");
152
+ /**
153
+ * TODO TECH-DEBT ENG-1813:
154
+ * We use the id and waitForProvisioning to find the permission request document which has
155
+ * critical data, such as the document name and generated role, that we need to build up a
156
+ * viable SSM request.
157
+ *
158
+ * Replacing the permission with event.permission is necessary when trying to connect to an
159
+ * instance which has been granted approval through it's group. The event.permission object
160
+ * will contain details about the specific instance we are trying to connect to such as the
161
+ * instance id. Without an instance id, which an SSH group permission request document does
162
+ * not contain we cannot construct a valid SSM command.
163
+ */
151
164
  const requestData = yield waitForProvisioning(authn, id);
152
- const requestWithId = Object.assign(Object.assign({}, requestData), { id });
165
+ const requestWithId = Object.assign(Object.assign({}, requestData), { id, permission: event.permission });
153
166
  yield (0, ssm_1.ssm)(authn, requestWithId, args);
154
167
  });
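Review bot: `event.permission` is dereferenced in the new `requestWithId` line without checking that the response carried an `event`, so a response lacking it ends in a TypeError after provisioning has already been awaited rather than in a clear message. This value also replaces the `permission` from the provisioned request document, so the instance that `ssm` connects to is now taken from the request response and should be checked for presence before use. A guard placed before the `waitForProvisioning` call would do, for example `if (!event || !event.permission) throw "Did not receive permission details from server";`. The body of `ssh` starts outside this hunk.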
@@ -236,7 +236,7 @@ const ssm = (authn, request, args) => __awaiter(void 0, void 0, void 0, function
236
236
  const isInstalled = yield (0, install_1.ensureSsmInstall)();
237
237
  if (!isInstalled)
238
238
  throw "Please try again after installing the required AWS utilities";
239
- const match = request.permission.spec.arn.match(INSTANCE_ARN_PATTERN);
239
+ const match = request.permission.spec.awsResourcePermission.resource.arn.match(INSTANCE_ARN_PATTERN);
240
240
  if (!match)
241
241
  throw "Did not receive a properly formatted instance identifier";
242
242
  const [, region, account, instance] = match;
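Review bot: The longer chain `request.permission.spec.awsResourcePermission.resource.arn` throws a TypeError when any level is absent, which bypasses the `Did not receive a properly formatted instance identifier` error two lines below. Since `permission` is now filled from the server's `event` payload, I would read it defensively in the TypeScript source: `const arn = request.permission?.spec?.awsResourcePermission?.resource?.arn;` followed by `const match = typeof arn === "string" ? arn.match(INSTANCE_ARN_PATTERN) : null;`. `INSTANCE_ARN_PATTERN` is defined outside the hunk; because `region`, `account` and `instance` come from its capture groups, it is worth confirming the pattern is anchored at both ends. `ssm` begins before and continues after this hunk.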
@@ -43,7 +43,11 @@ export declare type AwsConfig = {
43
43
  export declare type AwsSsh = {
44
44
  permission: {
45
45
  spec: {
46
- arn: string;
46
+ awsResourcePermission: {
47
+ resource: {
48
+ arn: string;
49
+ };
50
+ };
47
51
  };
48
52
  type: "session";
49
53
  };
@@ -26,10 +26,11 @@ export declare type Request<P extends PluginRequest = {
26
26
  permission: P["permission"];
27
27
  principal: string;
28
28
  };
29
- export declare type RequestResponse = {
29
+ export declare type RequestResponse<T> = {
30
30
  ok: true;
31
31
  message: string;
32
32
  id: string;
33
+ event: T;
33
34
  isPreexisting: boolean;
34
35
  isPersistent: boolean;
35
36
  };
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@p0security/cli",
3
- "version": "0.3.1",
3
+ "version": "0.4.2",
4
4
  "description": "Execute infra CLI commands with P0 grants",
5
5
  "main": "index.ts",
6
6
  "repository": {